On 12/02/2011 12:10 PM, Serge Hallyn wrote:
The pathname for the pipe for tunnelled migration is unresolvable. The
libvirt apparmor driver therefore refuses access, causing migration to
fail. If we can't resolve the path, the worst that can happen is that
we should have given permission to the file but didn't. Otherwise
(especially since this is a /proc/$$/fd/N file) the file is already open
and libvirt won't be refused access by apparmor anyway.
Also adjust virt-aa-helper to allow access to the
*.tunnelmigrate.dest.name files.
Changelog: Dec 2: per jdstrand comment, also change the Error to a VIR_WARN.
I tend to put comments like the above after the ---; they are nice
during patch review for comparing how the patch has evolved compared to
prior reviews, but the history of how a patch was created is no longer
important once you have the patch itself in libvirt.git.
Whereas this definitely belongs in the commit message.
Signed-off-by: Serge Hallyn <serge.hallyn(a)canonical.com>
---
src/security/security_apparmor.c | 6 +++---
src/security/virt-aa-helper.c | 4 ++++
2 files changed, 7 insertions(+), 3 deletions(-)
ACK and pushed, with the compilation actually fixed by squashing this in:
diff --git i/src/security/security_apparmor.c
w/src/security/security_apparmor.c
index 5e68da8..db7e7dc 100644
--- i/src/security/security_apparmor.c
+++ w/src/security/security_apparmor.c
@@ -38,6 +38,7 @@
#include "virfile.h"
#include "configmake.h"
#include "command.h"
+#include "logging.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY
#define SECURITY_APPARMOR_VOID_DOI "0"
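Review bot: the #include "logging.h" added after "command.h" had to be squashed in by the committer to fix the build, so the patch as posted did not compile once the error was changed to VIR_WARN; building security_apparmor.c before sending would have caught it. With the unresolvable-path case reduced to a warning, that log line is the only record that a descriptor was skipped, so it is worth checking that the VIR_WARN text identifies the descriptor or path.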
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org
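Why the pipe's pathname cannot be resolved, as an added example that is not part of the original message and is not libvirt's code: on Linux the /proc/self/fd/N link of a pipe reads "pipe:[inode]", so canonicalising it fails, while a regular file's descriptor resolves to its real path. The names fd_to_path, pipe_is_unresolvable and regular_file_resolves are hypothetical, and the temporary file is constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper, not libvirt's: map an open fd to a path through
 * /proc/self/fd/N. Returns 0 and fills out[PATH_MAX], or -1 if no path. */
int fd_to_path(int fd, char *out, char *link)
{
    char proc[64];
    link[0] = '\0';
    snprintf(proc, sizeof(proc), "/proc/self/fd/%d", fd);
    ssize_t n = readlink(proc, link, PATH_MAX - 1);
    if (n < 0) return -1;
    link[n] = '\0';          /* raw link text, e.g. "pipe:[12345]" */
    /* A pipe's link text names no file, so canonicalisation fails here. */
    return realpath(proc, out) ? 0 : -1;
}

/* 1 if a pipe end has no resolvable path (the tunnelled-migration case). */
int pipe_is_unresolvable(void)
{
    int fds[2], rc;
    char out[PATH_MAX], link[PATH_MAX];
    if (pipe(fds) < 0) return -1;
    rc = fd_to_path(fds[1], out, link);
    close(fds[0]);
    close(fds[1]);
    return rc == -1 && strncmp(link, "pipe:[", 6) == 0;
}

/* 1 if a regular file's descriptor resolves to the path the link names. */
int regular_file_resolves(void)
{
    char tmpl[] = "/tmp/fdpathXXXXXX", out[PATH_MAX], link[PATH_MAX];
    int fd = mkstemp(tmpl), rc;
    if (fd < 0) return -1;
    rc = fd_to_path(fd, out, link);
    close(fd);
    unlink(tmpl);
    return rc == 0 && strcmp(out, link) == 0;
}

int main(void)
{
    printf("pipe unresolvable: %d\n", pipe_is_unresolvable());
    printf("regular file resolves: %d\n", regular_file_resolves());
}
```

A confinement layer that builds path rules from descriptors has to decide what to do with the -1 case; the patch discussed above chooses to warn and continue because the descriptor is already open.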